Steptoe Blockchain Bloghttps://www.steptoeblockchainblog.com
Mon, 18 Sep 2017 19:12:50 +0000en-UShourly1https://wordpress.org/?v=4.7.7Alan Cohn Featured on the Future Tech Podcasthttp://feeds.lexblog.com/~r/SteptoeBlockchainBlog/~3/aUD8b6OQhvA/
Mon, 18 Sep 2017 19:12:50 +0000http://www.steptoeblockchainblog.com/?p=936Continue Reading]]>Alan Cohn was recently featured on the Future Tech Podcast. In an interview with Richard Jacobs, Editor of Crypto News Insider and Organizer & Host of the Bitcoin, Ethereum, and Blockchain Super Conference 2018, Alan discusses the recent regulatory changes and guidance related to cryptocurrency such as the recent Securities and Exchange Commission (SEC) Investigative Report on the Distributed Autonomous Organization and Investor Bulletins along with the need for clearer tax treatment of cryptocurrencies. Listen to the podcast here.
]]>https://www.steptoeblockchainblog.com/2017/09/alan-cohn-featured-on-the-future-tech-podcast/Blockchain and Cryptocurrency: The Emerging Regulatory Frameworkhttp://feeds.lexblog.com/~r/SteptoeBlockchainBlog/~3/kl-dKva-wr0/
Mon, 18 Sep 2017 15:14:07 +0000http://www.steptoeblockchainblog.com/?p=933Continue Reading]]>This summer, US and international regulators have brought enforcement actions, issued guidance and explanatory documents, and sharpened previously-taken positions regarding regulation of cryptocurrency and crypto-tokens under the anti-money laundering, derivatives, securities, and tax laws. These actions provide a better sense of the way in which US regulators will approach the blockchain and digital asset space going forward, but also leave many unanswered questions.

These recent actions indicate increased regulatory risk for certain types of activities. Companies that have made or are contemplating making initial coin offerings or cryptocurrency investments should assess these activities in light of these new regulatory pronouncements. But overall, this latest round of regulatory actions may provide greater regulatory certainty and a better understanding of regulatory priorities, which in turn can provide innovators and early adopters a clearer legal framework within which to operate.

Steptoe’s advisory covers four areas of recent regulation and guidance:

Before 2014, the treatment of virtual currency for tax purposes was somewhat of an open question. That is, would it be treated like a currency? Maybe a foreign currency? Or would it be treated like property? Or maybe a commodity or a derivative? The IRS took initial steps to answering that question in Notice 2014-21, where the IRS asserted that virtual currency would be treated like property.

A lot of practitioners thought that this was probably the right answer, as did many significant investors, but for ordinary folks who have been using bitcoin or other virtual currency to buy goods and services, it may have been a bit surprising. Essentially, the IRS characterization means that if you go to Starbucks and use bitcoin to buy your coffee, while it may seem to you the same as using dollars, for tax purposes, it’s more like using gold. And if your gold has appreciated in value since you acquired it, you may owe tax on the gain. Same thing with virtual currency. The problem arises because using virtual currencies to buy things seems much more like using cash than like using gold, so many virtual currency users may not have even considered that there could be potential tax consequences. But the IRS’s reasoning was that it cannot be a foreign currency because it’s not a fiat currency—that is, it’s not recognized by any government.

Beyond the treatment of virtual currency as property, the guidance is pretty thin. The IRS assumes that once it is characterized as property, normal tax consequences flow from that. Thus, for example, the Notice explains that if an employer pays an employee in virtual currency, the employee must include the value of the virtual currency in income as compensation, and the employer must report the value of the compensation on a Form W-2. However, there are many more questions that the Notice doesn’t answer, such as how to calculate the gain upon disposition, nor does it even try to. It contemplated that there would be more guidance in the future and the Notice requests comments on what the guidance would look like. Unfortunately, so far, the IRS has not issued anything further. In fact, last fall, the Treasury Inspector General for Tax Administration (TIGTA) issued a report taking the IRS to task for not providing more guidance.

First is that the IRS needs to develop a coordinated virtual currency strategy. TIGTA found little coordination between IRS functions to see the big picture for virtual currency. Individual parts of the IRS may be looking at virtual currency, but there is no master plan for how to deal with virtual currency within the IRS.

The second is that taxpayers need more education about virtual currency tax compliance. The treatment as property under Notice 2014-21 creates compliance issues for taxpayers and the IRS really needs to issue more guidance.

Finally, the report indicates that there should be some modifications to third-party information reporting to help identify virtual currency transactions. There is a range of third-party reporting that has implications for virtual currency, only some of which is addressed by the Notice. For example, the Notice states that payers must file Forms W-2 or Forms 1099-MISC in appropriate circumstances, but those forms do not break out receipts of virtual currency. Having a little more information could be very helpful for the IRS to understand better how virtual currency is being used.

Enforcement Actions

Perplexingly and frustratingly for taxpayers, instead of providing more guidance and educating taxpayers of their tax obligations relating to virtual currency, the IRS instead is pursuing enforcement actions. The first such action was issuing a “John Doe summons” to the Coinbase virtual currency exchange. Generally speaking, if the IRS doesn’t know the identity of person about whom it seeks information, it can issue a John Doe summons to obtain information about an ascertainable group of people. The Coinbase summons seeks all customer records for a period from 2013 to 2015. This includes basically everything– all records of account/wallet vault activity including transaction logs and other records. The summons also asks for any correspondence between Coinbase and the users. After some pushback from Coinbase and its customers, the IRS has narrowed the scope of the summons to cover customers engaging in transactions of $20,000 or more.

This summons may be a sign of things to come. It seems like the IRS feels like there’s not a lot of transparency into what’s going on with these virtual currencies. In a recent interview, the new Chief of IRS Criminal Investigation (CI) division hinted the IRS is going to step up a campaign into the virtual currency space, noting that virtual currency is increasingly becoming a tax evasion issue and the IRS must train its agents to understand and address these issues. Accordingly, we may see more enforcement actions, such as additional summons to other virtual currency exchanges and wallets, possibly extending investigations into other virtual currencies.

On the other hand, rather than pursue this enforcement route, there may be an opportunity to issue guidance which would be helpful for taxpayers. Steptoe has been working with an industry coalition to engage proactively with the IRS to develop guidance that provides clear rules for taxpayers to follow and the IRS to administer. More information to allow taxpayers to comply without the expense and time (on both sides) of enforcement action would certainly be better for taxpayers as well as for the IRS.

]]>https://www.steptoeblockchainblog.com/2017/09/how-the-irs-taxes-digital-currency/Alan Cohn Quoted on the Recent Blockchain Regulatory Guidancehttp://feeds.lexblog.com/~r/SteptoeBlockchainBlog/~3/MY2qspghKDQ/
Mon, 21 Aug 2017 15:43:11 +0000http://www.steptoeblockchainblog.com/?p=924Continue Reading]]>The Street quoted Alan Cohn in an article on August 20 titled “How Federal Regulators Are Playing Catch-Up With Bitcoin Craze.” The article looks at the most recent enforcement actions and regulatory guidance from the Securities and Exchange Commission (SEC), the Financial Crimes Enforcement Network (FinCEN), the Internal Revenue Service (IRS), and the Commodity Futures Trading Commission (CFTC). Mr. Cohn opined about the significance of the recent regulation: “What you’re seeing now is the next round of regulatory guidance, and in a sense, starting to fill in some of the gray areas and the gaps that have emerged given the pace of development in this area […] You’re seeing an advance in the regulatory framework evolving around this new asset class.”

]]>https://www.steptoeblockchainblog.com/2017/08/alan-cohn-quoted-on-the-recent-blockchain-regulatory-guidance/Significant FinCEN Action Against BTC-e, Implications for Virtual Currency Exchangershttp://feeds.lexblog.com/~r/SteptoeBlockchainBlog/~3/g-QS2q7Tz_Q/
Mon, 31 Jul 2017 22:43:26 +0000http://www.steptoeblockchainblog.com/?p=921Continue Reading]]>On July 26, 2017, the Financial Crimes Enforcement Network (FinCEN) of the US Department of the Treasury assessed a civil monetary penalty of $110,003,314 against Canton Business Corporation (BTC-e), one of the largest virtual currency exchanges by volume in the world, and a $12,000,000 penalty against Alexander Vinnik, a Russian national who allegedly controlled, directed, and supervised BTC-e’s operations, finances, and accounts. On the same day, a 21-count criminal indictment against BTC-e and Mr. Vinnick was unsealed, and Mr. Vinnick was arrested in Greece.

This is the second supervisory action that FinCEN has taken against a virtual currency exchanger, and the first against a foreign entity operating as a money services business (MSB) with activities in the United States. FinCEN’s action also imposes the second highest civil monetary penalty assessed against an MSB to date. FinCEN has increasingly brought enforcement actions against MSBs and other non-traditional financial institutions, and similar actions seem likely in the future.

According to FinCEN, BTC-e lacked basic controls to prevent the use of its services for illicit purposes, and as a result, purportedly maintained a customer base of criminals who concealed and laundered proceeds from crimes such as ransomware, fraud, identity theft, tax refund fraud schemes, public corruption, and drug trafficking, none of which BTC-e reported to FinCEN and law enforcement as required.

However, the real news may be the other document released on July 25, a notice to investors titled “Investor Bulletin: Initial Coin Offerings” (July 25, 2017). In that document, the SEC sets out several areas of concern regarding ICOs—framed as advice to investors—from which the reader can discern the SEC’s initial expectations with respect to ICOs. Much of the guidance is not surprising, but the SEC’s statement paves the way for more certainty for companies considering ICOs.

The SEC will interpret certain ICOs as the offer and sale of securities. (See the DAO Report for an analysis of the DAO tokens.)

If the tokens issued as part of the ICO can be considered securities, then the virtual coins or tokens must be registered with the SEC, or the sale must be made pursuant to an exemption from registration.

Companies planning ICOs should carefully review the criteria for exemptions from registration, including the provisions relating to accredited investors and other restrictions involving net worth or income requirements, and should satisfy the criteria for those exemptions for US investors should the token be considered a security.

The SEC will likely scrutinize representations that particular ICO offerings are exempt from registration.

Sales of tokens as part of a crowdfunding should adhere to the requirements of the SEC’s crowdfunding regulations (called Regulation Crowdfunding) and other relevant securities laws.

If the virtual token or coin is a security, “investment professionals and their firms who offer, transact in, or advise on investments” must be licensed or registered in accordance with federal and state securities laws.

The SEC will scrutinize what it considers to be “jargon-laden pitches, hard sells, and promises of outsized returns.”

The SEC also made recommendations as to what investors should look for in a white paper or other offering document:

Companies issuing tokens should have “a clear business plan that you can read and that you [can] understand”; the “rights that the token or coin entitles you to should be clearly laid out, often in a white paper or development roadmap”; it should include “how and when you can get your money back in the event you wish to do so,” including whether there is the right to receive a refund or to resell the token, and “any limitations on your ability to resell the coin or token.”

The white paper, development roadmap, or other documentation should state “whether the blockchain is open and public, whether the code has been pubished, and whether there has been an independent cybersecurity audit.”

Additionally, the SEC noted a number of concerns regarding ICOs and virtual currencies more generally, including the following:

The SEC is concerned that “virtual currency exchanges and other entities holding virtual currencies, virtual tokens or coins may be susceptible to fraud, technical glitches, hacks, or malware. Virtual tokens or virtual currency may be stolen by hackers.”

The SEC is concerned that law enforcement faces significant challenges when investigating ICOs, including: tracing money, since “traditional financial institutions (such as banks) often are not involved with ICOs or virtual currency transactions, making it more difficult to follow the flow of money”; international scope, in that “ICOs and virtual currency transactions and users span the globe,” and that “the SEC may be unable to obtain information from persons or entities located overseas”; the lack of a central authority that would “collect virtual currency user information”; and the inability to freeze or secure virtual currency.

The SEC will likely issue additional guidance in the months ahead, but these insights drawn from the Investor Bulletin on ICOs give companies a good sense of some of the SEC’s primary focus issues.

]]>https://www.steptoeblockchainblog.com/2017/07/sec-begins-offering-guidance-on-initial-coin-offerings/SEC Weighs in on the Distributed Autonomous Organization’s Tokenshttp://feeds.lexblog.com/~r/SteptoeBlockchainBlog/~3/McJXTjB_u9w/
Thu, 27 Jul 2017 13:50:29 +0000http://www.steptoeblockchainblog.com/?p=910Continue Reading]]>The SEC announced yesterday that “offers and sales of digital assets by ‘virtual’ organizations are subject to the requirements of the federal securities laws.” Although not coming as a surprise, the SEC’s announcement affirms that companies seeking to involve US investors in an initial coin offering (ICO) must register offers and sales with the SEC or else qualify for an exemption.

The SEC chose the token offering by the Distributed Autonomous Organization (DAO) in April-May 2016 as the focus of the study. The DAO was built on top of the Ethereum blockchain by the German unincorporated organization Slock.it, and the success of its token offering ushered in the current wave of ICO activity. Although questions surrounded the DAO offering in terms of its prospective treatment under US securities laws, the DAO made headlines when it suffered an exploitation that led to the loss of $50 million in Ether. Although the SEC found that DAO “may have violated federal securities laws,” it decided against pursuing an enforcement action, choosing instead to use DAO as a demonstrative for future ICOs (“to advise those who would use a Decentralized Autonomous Organization … or other distributed ledger or blockchain-enabled means for capital raising, to take appropriate steps to ensure compliance with the U.S. federal securities laws”).

To reach its conclusion that DAO fell under U.S. securities laws, the SEC applied a traditional four step analysis derived from U.S. case law (most notably SEC v. W.J. Howey Co., 328 U.S. 293, 301 (1946)). Under that analysis, the SEC held that:

Foundational principles of the securities laws apply to virtual organizations or capital raising entities making use of distributed ledger technology

Investors in The DAO invested money

These investors had a reasonable expectation of profits

The profits were to be derived from the managerial efforts of others

Accordingly, the DAO should have registered—and entities planning operations similar to the DAO must register—offers and sales of tokens, and they must register as national securities exchanges, unless certain exemptions apply.

The SEC report, together with the Investor Bulletin on ICOs also issued by the SEC, provide the beginning of long-awaited SEC guidance for companies contemplating ICOs. (See Steptoe’s analysis of the SEC Investor Bulletin: Initial Coin Offerings here.) Some companies might pull ICOs out of U.S. markets altogether following the announcement. But others see SEC regulation as an opportunity to gain legitimacy and weed out illegitimate or fly-by-night ICOs. Registration with the SEC is an involved process, but it certainly can be done by ICO companies. San Francisco-based Blockchain Capital raised $10 million a few months ago after registering its token as a security.

The story is still unfolding, but whichever way the companies react, there’s no doubt that the SEC report is an ICO game-changer.

Many businesses are uninsured or underinsured when it comes to cybersecurity risks, but some analysts are predicting significant growth in the next few years. The decision whether to procure coverage for a smart contract system (or expand existing coverage) depends on factors such as the industry, the type of smart contract system, and the associated risks—all of which will vary from business to business.

One issue worthy of particular attention is the employee exclusion. These exclusions in the policy language should be scrutinized to determine the level of coverage for losses caused by employee errors, which are likely to be a significant source of risk in a smart contract system.

Also, cybersecurity policies may contain contractual exclusions that essentially prevent the insured from seeking indemnification for losses that arise from its own breach of contractual obligations. Here, the issue is one of scope—it may be fine for an insurer to exclude coverage that could incentivize the insured not to perform the underlying contract, but at the same time, the insured may have a legitimate need for coverage in situations where the insured’s own contract breach results from a system malfunction or a security breach. For example, the loss of data (whether by malfunction or theft) arguably warrants coverage, even if the insured breached its own contractual obligation to keep the data secure.

Vendor Indemnification Agreements

These days, blockchain platforms and enterprise applications are readily available from a variety of vendors. Established tech giants such as IBM (through its Bluemix platform) and Microsoft (through its Azure platform) are developing ways to offer blockchain-as-a-service (BaaS) to customers, and Blockchain startups abound.

In this competitive environment, customers may be able to negotiate indemnification from their chosen vendors in the event of a smart contract system malfunction or security breach. This strategy is important when a smart contract system replaces a conventional intermediary that otherwise would have served as a source of indemnification. Examples include where a smart payment system eliminates the intermediary bank or other payment processor, or where a smart supply chain eliminates the need to outsource supply chain management functions. In all likelihood, the new smart contract system will require a new vendor agreement with its own set of warranties, disclaimers, and limitations of liability to be reviewed.

Agreements among the Parties

In the insurance industry, there is a concept called the “made whole doctrine” which essentially permits an insured to be made whole when it suffers losses above and beyond the limits of its insurance policy. Thus, if the insured suffers a $1 million dollar loss and receives half that amount from its insurer, it may seek to recover the other half from the wrongdoer before the insurer’s subrogation rights are triggered.

In the blockchain industry, there may be creative ways to permit an injured party to be “made whole.” One example is the DAO hack where the Ethereum community implemented a hard fork to return approximately 3.6 million Ether (worth around $70 million at the time) taken from the DAO. This effort to make the DAO’s investors whole was not without controversy—and led to the creation of a competing Ethereum blockchain (Ethereum classic)—but it illustrates the potential for parties to cooperate when a loss occurs.

A “make whole” agreement between the parties may be best suited for losses not covered by insurance or vendor indemnification. An example is an overpayment by a smart contract, which can be corrected if the parties have agreed to a procedure for reimbursing the injured party. The practice of reviewing prior transactions and correcting mistakes is not new to commercial dealings, but remember that smart contracts are executed by computers and code, which means that the system will need to be programmed to permit correction of mistakes. Another option is for the parties to establish a procedure that allows human beings to correct mistakes independent of the smart contract system.

Properly implemented, a smart contract system should reduce mistakes, increase efficiency, and improve the profitability of the underlying business. This article is not an argument to the contrary, but rather an acknowledgment that effective risk management is critical to the successful integration of smart contract systems into daily business operations.

]]>https://www.steptoeblockchainblog.com/2017/06/three-ways-to-indemnify-your-business-or-your-clients-business-from-smart-contract-risks/Implications of S. 1241, the Combating Money Laundering, Terrorist Financing, and Counterfeiting Act of 2017http://feeds.lexblog.com/~r/SteptoeBlockchainBlog/~3/28jLxAcR3Cs/
Fri, 23 Jun 2017 15:36:55 +0000http://www.steptoeblockchainblog.com/?p=894Continue Reading]]>Congress has become increasingly interested in the current state of knowledge about potential links between terrorist financing and money laundering. In the House of Representatives, the Financial Services Committee’s Subcommittee on Terrorism and Illicit Finance held a hearing on June 8, 2017, titled “Virtual Currency: Financial Innovation and National Security Implications.” In the Senate, Senator Grassley (R-IA), along with Senators Feinstein (D-CA), Cornyn (R-TX), and Whitehouse (D-RI), recently introduced Senate Bill 1241, titled “Combating Money Laundering, Terrorist Financing, and Counterfeiting Act of 2017.” The bill, which generally aims to strengthen criminal money laundering statutes, is specifically aimed at fighting terrorism and terror finance.

Of particular relevance with respect to S. 1241 are the potential implications of the bill on blockchain and digital currencies. There are three relevant proposed changes:

Inclusion of digital currency in the definition of financial institution and monetary instrument under 31 U.S.C. § 5312(a): This provision of the Bank Secrecy Act (“BSA”) would be amended to state that “(2) “financial institution” means – […] (K) an issuer, redeemer, or cashier of travelers’ checks, checks, money orders, prepaid access devices, digital currency, or similar instruments, or any digital exchanger or tumbler of digital currency” [changes in bold];

GAO Report: The bill calls for the Comptroller General to submit a report to Congress on: (1) the impact the amendments would have on law enforcement, the prepaid access industry, and consumers; and (2) the implementation and enforcement of the Treasury Department’s Bank Secrecy Act (“BSA”) regulations (76 Fed. Reg. 45403); and

Homeland Security and Customs and Border Protection (“CBP”) Report: The bill calls for the Secretary of Homeland Security and the CBP Commissioner to submit a report to Congress on: (1) a strategy to interdict and detect prepaid access devices, digital currencies, and similar instruments at border crossings; and (2) an assessment of the infrastructure needed for this strategy.

Under the BSA, a person or an agent or a bailee of the person who is transporting, will transport, or has transported “monetary instruments” of more than $10,000 at one time to, from, or through the US must file a Report of International Transportation of Currency or Monetary Instruments . Including digital currency in the definition of “monetary instrument” would subject those devices to these anti-money laundering reporting requirements under the BSA, as stated in the bill summary.

The expanded definition of monetary instruments raises numerous logistical and technical questions. Digital currency can be stored in digital wallets, or “hot wallets,” through companies like Coinbase, Xapo, or BitGo, or stored offline in a hardware wallet. In theory, a person always carries their digital currency—or the ability to transact their digital currency—with them, including as they cross a border. This provision effectively requires the declaration of more than $10,000 in digital currency holdings whenever a person or persons jointly filing a declaration cross the border.

The challenge, of course, is that many of today’s financial instruments work this way. If you have online banking access on your phone, or the ability to draw cash off of your credit cards, and this exceeds $10,000, then you are similarly carrying digitally-accessable currency across the border. Moreover, these digital capabilities enable a person to access the overwhelming currency of choice for criminals: Cash.

This challenge is less about virtual currency and more about how to adapt regulatory structures designed for an earlier era to today’s digitally-enabled economy. Singling out virtual currencies at the border doesn’t materially impact the risk of money laundering or terrorism financing. While criminals are using digital currencies like bitcoin, the majority of digital currency activity does not involve illicit activity (See Jonathan Levin of Chainalysis’s Written Testimony). In fact, according to a recent report from the Center for a New American Security (CNAS), “there is no more than anecdotal evidence that terrorist groups have used virtual currencies to support themselves.” The technology does have features that may be attractive to criminals, including enabling low cost, efficient, peer-to-peer transactions, but those features are exactly why the technology may bring huge benefits to myriad industries (e.g., Digital Identity, Smart Contracts, Pharmaceuticals).

At the recent hearing on virtual currencies convened by the House Terrorism and Illicit Finance Subcommittee, the witnesses repeatedly emphasized that criminals and terrorists are mostly using unregulated, overseas exchanges. Due to existing guidance and regulation within the US, US blockchain and digital currency companies are already registering with FinCEN and complying with anti-money laundering (AML) and know your customer (KYC) procedures. This deters criminals from using their services as should the permanence and transparency inherent in blockchain technology. Former Assistant United States Attorney Kathryn Haun suggested the best way to address illicit use of virtual currencies is “more statutory authority to go after the segments of their [unregulated and overseas] businesses that rely upon US companies for support.” In that way, Section 15 of S. 1241, which seeks to strengthen existing laws that allow law enforcement to obtain foreign bank records, is a more impactful step.

Congress should consider the impacts of singling out virtual currency users, the majority of whom are not using virtual currency for illicit purposes. A better and more risk-based approach should strike a balance between discouraging illicit use while still encouraging innovation.